The number of ransomware victims continues to mount with CNN reporting that attacks on cities continue to rise. Law enforcement officials continue to warn against paying ransoms. Security experts continue to suggest that even if victims pay their ransom, there is no guarantee that the victim’s data will be decrypted, and if it is, there’s also no guarantee that the data hasn’t been tainted or corrupted. Meanwhile, insurance companies are now a factor as they are looking to minimize the damages that they have to pay out as an insurer in order to get their client organizations back up and running; even if it means that they pay the ransom. Two very opposite stances. One is taking the long-term view, “DO NOT PAY” trying to disincentivize hackers by taking away their quick score, while the other is taking the short-term view, or “PAY” out now so to minimize overall damage costs.
And so, the debate rages on as to what is the proper response when an organization is hit. A prime case came to light just recently as, just days after the Conference of Mayors passed a resolution opposing the payment of ransoms by cities, La Porte County in Indiana did just the opposite; paying out ransom to the tune of $130K after their systems had been hit. Granted, in this case, the county will pay about $30K, while its insurer will pay the remainder of the ransom. The decision was also made after it was determined that the FBI’s own decryption software was unable to unlock the encrypted data. Putting aside the ethics of the decision, La Porte made their decision from a cost perspective as other governments who declined to pay their ransoms ended up incurring a much heavier cost than the ransom that was demanded. As an example, the city of Baltimore declined to pay their ransom demand of $76K and it is now estimated that the city will end up spending over $10MM in order to fully restore its computer network, not to mention that it is estimated that they have lost revenues amounting to around the same amount as a direct consequence of the attack.
Regardless of the side of the debate that is appropriate to your situation, this is the new reality for IT Security teams in cities, government departments and other organizations around the world who have become the targets of hackers looking to make and easy score. The unfortunate thing is that attacks have been increasing against cities as of late because it is clear that cities are ill-prepared or typically underfunded to deal with these types of emergencies. We’re seeing that it’s not only the big cities and states that are being affected but the smaller municipalities and counties being taken down as well. Any organization that relies on a critical system or database in order to operate and that is typically known to be under protected, is ripe for the picking.
Meanwhile, as the debate continues, what a lot of people don’t realize is that the best way to handle the scourge of ransomware is neither paying or not paying, it is to ensure that preventative measures are put in place to safeguard against an attack happening in the first place! We’ve blogged about the bare minimum that organizations should do in order to protect themselves, especially when budgets are tight. When it comes down to it, even with tight budgets, organizations can still put some measures in place since, as ALL cases have shown, it is ALWAYS much cheaper to prevent an attack than it is to have to remediate it after the fact.
Preventative solutions is where Wedge comes in. The Wedge Advanced Malware Blocker product is a prime example of real-time security that has been proven to be effective in blocking ALL advanced attacks, ransomware, zero days and never-before-seen malware BEFORE they can make their way to the vulnerable endpoints. With our patented Deep Content Inspection, that can see ALL content going through the network, orchestrated with the industry’s best-of-breed security services and Artificial Intelligence / Machine Learning that detects and blocks all attacks and that helps us to keep several steps ahead of the hackers, organizations have a real choice in how they want to deal with the possibility of ransomware attacks. Best of all, Wedge provides a FREE 90 day trial of the WedgeAMB product to anyone who is interested in seeing how it works for themselves! As always, contact our team at: info@wedgenetworks.com to learn more!
